SOC Manager

About The Position

Requirements

• Expertise in Incident Detection and Response: Comprehensive knowledge of incident detection, triage, investigation, escalation, and response processes, including experience with containment, eradication, and recovery procedures.
• Advanced Understanding of Cybersecurity Tools and Technologies: Proficiency with security tools such as Security Information and Event Management (SIEM) systems, Intrusion Detection and Prevention Systems (IDS/IPS), Endpoint Detection and Response (EDR) tools, and firewalls.
• Threat Intelligence and Cyber Threat Hunting Skills : Ability to analyze threat intelligence and identify attack methods, indicators of compromise (IOCs), and tactics, techniques, and procedures (TTPs) used by adversaries.
• Strong Leadership and Team Management Skills: Proven ability to lead and mentor a team of SOC analysts, providing guidance, performance feedback, and professional development opportunities.
• Knowledge of Networking and System Security: In-depth knowledge of network architectures, protocols (e.g., TCP/IP, DNS, HTTPS), and operating systems (Windows, Linux, macOS), including securing and monitoring these environments.
• Familiarity with Cybersecurity Frameworks and Standards: Knowledge of cybersecurity frameworks (e.g., NIST Cybersecurity Framework, MITRE ATT&CK, ISO 27001) and how to apply them to SOC operations.
• Policy Development and Process Optimization: Skill in developing and maintaining SOC playbooks, Standard Operating Procedures (SOPs), and policies to improve SOC operational efficiency and effectiveness.
• Effective Communication and Reporting Skills: Ability to clearly communicate complex technical information (e.g., incident findings and risk assessments) to non-technical stakeholders, leadership, and external partners.
• Analytical and Problem-Solving Abilities: Strong analytical skills for identifying trends, correlating security data, and solving complex cybersecurity challenges to improve organizational defense.
• Continuous Learning and Threat Adaptability: Demonstrated ability to stay current on evolving cybersecurity threats, tools, and best practices, adapting to new challenges and proactively improving defensive measures.
• Bachelor's degree in technical discipline, or related field and/or 10-years’ experience in progressively more complex roles in cybersecurity operations or analysis and/or incident response
• Clearance Requirement: Top Secret
• CompTIA Security+ Certified
• Certified Information Systems Security Professional (CISSP)

Nice To Haves

• Certified Ethical Hacker (CEH)
• GIAC Certified Incident Handler (GCIH)
• GIAC Security Operations Certified (GSOC)
• CompTIA Advanced Security Practitioner (CASP+)
• Certified Information Security Manager (CISM)
• AWS Certified Security – Specialty or Microsoft Certified: Azure Security Engineer Associate: Relevant if managing systems in hybrid or cloud environments.
• Cyber Threat Intelligence (CTI) Cert or MITRE ATT&CK™ Defender (MAD) Demonstrates specialized knowledge in threat intelligence analysis and mapping frameworks.
• Advanced Threat Intelligence Knowledge.
• Experience working with and integrating threat intelligence platforms and frameworks into SOC operations.
• Automation and Scripting Skills.
• Knowledge of scripting languages like Python, PowerShell, or Bash for automating routine SOC tasks and custom threat detection rules.
• Strategic Thinking and Risk Management.
• Ability to assess current threats and vulnerabilities, prioritize organizational risks, and drive proactive mitigation strategies.
• Strong interpersonal and communication skills to relay real-time incident updates and foster collaboration between SOC teams and other organizational units.
• Experience with Federal and DoD Systems: Familiarity with compliance requirements and operational environments specific to the Department of Defense (e.g., DISA STIGs, FedRAMP, RMF).

Responsibilities

• Oversee the daily operations of the Security Operations Center (SOC), ensuring the effective execution of cybersecurity monitoring, detection, response, and reporting activities.
• Lead and manage a team of SOC analysts, providing guidance, mentorship, and support on incident detection, triage, escalation, and mitigation processes. Conduct performance assessments and identify professional development opportunities for SOC team members.
• Monitor and analyze cybersecurity events to identify anomalies, threats, and potential compromises using security tools such as SIEM, IDS/IPS, and EDR solutions. Identify and report on indicators of compromise (IOCs) while adhering to established escalation protocols.
• Manage and coordinate incident response activities, including containment, eradication, and recovery, while ensuring proper documentation of actions. Collaborate with internal stakeholders (e.g., IT teams, system owners) and external constituents (e.g., vendors, law enforcement, or intelligence agencies) during incident response efforts.
• Develop, review, and maintain SOC standard operating procedures (SOPs), playbooks, and runbooks to streamline incident response and escalation processes. Ensure all SOC-related documentation reflects current threats and technologies.
• Oversee continuous monitoring of networks, systems, and endpoints to identify and respond to security alerts in a timely manner. Optimize security tool configurations and automated workflows to improve threat detection capabilities.
• Evaluate security posture by analyzing threat intelligence, attack patterns, and system vulnerabilities to identify and mitigate weak points in the organization’s defense. Lead efforts to improve SOC detection and response capabilities by evaluating and adopting cutting-edge tools and processes.
• Ensure timely reporting of all SOC-related events, incidents, and threat intelligence findings to government leadership and stakeholders. Provide actionable recommendations to address vulnerabilities, mitigate threats, and strengthen cybersecurity postures.
• Conduct SOC team training to improve response techniques, threat-hunting abilities, and awareness of emerging cyber threats and vulnerabilities. Promote cybersecurity awareness and defensive best practices across the organization .
• Lead post-incident reviews to evaluate the effectiveness of the SOC response, identify lessons learned, and integrate improvements into future operations. Provide feedback to leadership on SOC performance metrics and resources needed for optimization.